capnemo

Strange directory [SOLVED]

Hello, a strange directory named Thinstall has appeared in Application Data. Malwarebytes' Anti-Malware detects the following in it:

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32INFO.EXE (Trojan.Backdoor) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\romeo ninov\local settings\application data\thinstall\Cache\Stubs\c3ffec96e1a543c4a1694c0353eaafaf6ed697a\acrord32info.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

c:\documents and settings\romeo ninov\application data\thinstall\cyberlink powerdvd 8\4000001a00002i\olrstatecheck.exe (Trojan.IRCBot) -> Quarantined and deleted successfully.

After quarantining and deleting the directory and rebooting, the directory appears again. Please give me advice and help with the cleanup.


Good day! To start with, could you prepare a log from DDS: here. Then we will figure it out... Regards :biggrin:


Good day! To start with, could you prepare a log from DDS: here. Then we will figure it out... Regards :biggrin:

Here are the results:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Romeo Ninov at 9:40:00,92 on 26.03.2011 г.

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.1240 [GMT 1:00]

.

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

svchost.exe

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Siemens\Card API\bin\siecacst.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Program Files\VMware\VMware Server\vmware-authd.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Program Files\VMware\VMware Server\vmserverdWin32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Romeo Ninov\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyServer = 10.55.0.36:8080

BHO: AutorunsDisabled - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [TpShocks] TpShocks.exe

mRun: [TP4EX] tp4ex.exe

mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe

mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [<NO NAME>]

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [CheckPoint Cleanup] c:\docume~1\romeon~1\locals~1\temp\cpes_clean_launcher.exe c:\docume~1\romeon~1\locals~1\temp\cpes_clean.exe

mRun: [Flashget] c:\program files\flashget\flashget.exe /min

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\romeon~1\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hipath~1.lnk - c:\program files\siemens\card api\bin\siecacst.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe

IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm

IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: e-fibank.bg

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://e-fibank.bg/EBank/CAPICOM/capicom.cab

DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: {08D4027E-BC55-411F-952C-4342C857AA0D} = 192.168.1.1

Notify: AtiExtEvent - Ati2evxx.dll

Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll

Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll

Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 relog_ap

LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll

IFEO: taskmgr.exe - "c:\tools\PROCEXP.EXE"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\romeon~1\applic~1\mozilla\firefox\profiles\c0o9tb00.default\

FF - prefs.js: network.proxy.ftp - tehif.eu

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher - tehif.eu

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - tehif.eu

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - tehif.eu

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - tehif.eu

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

.

============= SERVICES / DRIVERS ===============

.

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]

R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2008-11-23 15784]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-2-13 394952]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-9-13 53248]

R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]

R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-1-28 62320]

R2 vmserverdWin32;VMware Registration Service;c:\program files\vmware\vmware server\vmserverdWin32.exe [2009-10-20 1654884]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-1-28 45424]

S3 block_reader;MPR DRV;\??\f:\software\hack\multi_password_recovery_1.1.5_portable\block_reader.sys --> f:\software\hack\multi_password_recovery_1.1.5_portable\block_reader.sys [?]

S3 cpuz130;cpuz130;\??\c:\docume~1\romeon~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\romeon~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]

S3 cxbu0wdm;CardMan 6121;c:\windows\system32\drivers\cxbu0wdm.sys [2007-2-28 91008]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]

S3 PCDSRVC{9503439C-19F1437D-06000000}_0;PCDSRVC{9503439C-19F1437D-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pcdr5\pcdsrvc.pkms [2009-2-19 20848]

S3 RETA5;RETA5 NDIS Protocol Driver;\??\c:\progra~1\eeyedi~1\cascan~1\reta5.sys --> c:\progra~1\eeyedi~1\cascan~1\RETA5.SYS [?]

S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-11-19 109328]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]

.

=============== File Associations ===============

.

.txt=txt_auto_file

.

=============== Created Last 30 ================

.

2011-03-26 08:24:46 -------- d-----w- C:\Virtual Machines

2011-03-22 20:35:34 -------- d-----w- c:\documents and settings\romeo ninov\.hAWabAzAr

2011-03-22 20:35:34 -------- d-----w- c:\docume~1\romeon~1\applic~1\com.hyfn.taylorswift

2011-03-22 19:44:39 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-03-22 19:44:39 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-03-22 19:44:39 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-03-22 19:44:39 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-03-22 19:44:39 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-03-22 19:44:38 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-03-22 19:44:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-03-22 19:44:37 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

.

==================== Find3M ====================

.

2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll

2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ------w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ------w- c:\windows\system32\win32k.sys

2009-01-08 20:58:28 774144 ------w- c:\program files\RngInterstitial.dll

.

============= FINISH: 9:40:46,20 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 09.10.2007 г. 03:16:04

System Uptime: 26.3.2011 г. 09:22:13 (0 hours ago)

.

Motherboard: LENOVO | | 0674KSG

Processor: Intel® Core2 CPU T7200 @ 2.00GHz | None | 1316/167mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 88 GiB total, 65,976 GiB free.

D: is CDROM ()

E: is CDROM (UDF)

F: is FIXED (NTFS) - 578 GiB total, 229,207 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/Wireless 3945ABG Network Connection

Device ID: PCI\VEN_8086&DEV_4227&SUBSYS_10118086&REV_02\4&20975680&0&00E1

Manufacturer: Intel Corporation

Name: Intel® PRO/Wireless 3945ABG Network Connection

PNP Device ID: PCI\VEN_8086&DEV_4227&SUBSYS_10118086&REV_02\4&20975680&0&00E1

Service: NETw5x32

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\2028101361B00

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\2028101361B00

Service: NIC1394

.

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: ThinkPad UltraNav Pointing Device

Device ID: ACPI\IBM0057\4&38462492&0

Manufacturer: Lenovo

Name: ThinkPad UltraNav Pointing Device

PNP Device ID: ACPI\IBM0057\4&38462492&0

Service: i8042prt

.

Class GUID: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}

Description: IBM ThinkPad Fast Infrared Port

Device ID: ACPI\IBM0071\4&38462492&0

Manufacturer: IBM

Name: IBM ThinkPad Fast Infrared Port

PNP Device ID: ACPI\IBM0071\4&38462492&0

Service: NSCIRDA

.

==== System Restore Points ===================

.

RP298: 05.3.2011 г. 14:15:50 - System Checkpoint

RP299: 09.3.2011 г. 07:01:55 - Software Distribution Service 3.0

RP300: 13.3.2011 г. 06:54:35 - System Checkpoint

RP301: 15.3.2011 г. 21:18:49 - Software Distribution Service 3.0

RP302: 18.3.2011 г. 07:04:54 - System Checkpoint

RP303: 19.3.2011 г. 13:45:48 - System Checkpoint

RP304: 20.3.2011 г. 14:02:35 - System Checkpoint

RP305: 24.3.2011 г. 06:18:24 - Software Distribution Service 3.0

RP306: 26.3.2011 г. 07:45:06 - System Checkpoint

.

==== Installed Programs ======================

.

2007 Microsoft Office system

ACDSee Photo Manager 2009

Acronis True Image WD Edition

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

Adobe Shockwave Player 11.5

Ashampoo Burning Studio 9.21

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

ATI HYDRAVISION

Audacity 1.3.8 (Unicode)

Azureus

BulgarianPhonetic XP by G. Atanasov

Canon Camera Access Library

Canon Utilities EOS Utility

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Localization All

ccc-Branding

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Dutch

CCC Help English

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Portuguese

CCC Help Spanish

CCC Help Swedish

Critical Update for Windows Media Player 11 (KB959772)

Diskeeper Lite

ESET NOD32 Antivirus

FlashGet 1.9.6.1073

Futuremark SystemInfo

High Definition Audio Driver Package - KB888111

HiPath SIcurity Card API

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB949764)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB970685)

Hotfix for Windows XP (KB976098-v2)

InfoNotary e-Doc Signer

InfoNotary Smart Card Manager

Intel PROSet Wireless

Intel® PROSet/Wireless WiFi Software

Java Auto Updater

Java 6 Update 23

K-Lite Codec Pack 5.6.1 (Full)

Lexmark Software Uninstall

Maintenance Manager

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual J# 2.0 Redistributable Package - SE

Miranda IM 0.9.17

Mozilla Firefox 4.0 (x86 en-US)

MozyHome

mProSafe

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB954459)

mWlsSafe

neroxml

On Screen Display

OpenAL

PDFCreator

Picasa 3

Productivity Center Supplement for ThinkPad

PuTTY version 0.60

Rescue and Recovery

Rescue and Recovery Critical Patch for Windows Update (KB917422)

SA Dictionary 2005 T2

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB960003)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Excel 2007 (KB959997)

Security Update for Microsoft Office OneNote 2007 (KB950130)

Security Update for Microsoft Office PowerPoint 2007 (KB951338)

Security Update for Microsoft Office Publisher 2007 (KB950114)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office system 2007 (KB956828)

Security Update for Microsoft Office Visio 2007 (KB957831)

Security Update for Microsoft Office Word 2007 (KB956358)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Visio 2007 (KB947590)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skins

Skype™ 3.8

SoundMAX

Spelling Dictionaries Support For Adobe Reader 9

Subtitle Workshop 2.51

Synaptics Pointing Device Driver

System Migration Assistant

System Update

Texas Instruments PCIxx21/x515/xx12 drivers.

ThinkPad Bluetooth with Enhanced Data Rate Software

ThinkPad Configuration

ThinkPad EasyEject Utility

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Setup

ThinkPad Keyboard Customizer Utility

ThinkPad Modem

ThinkPad PC Card Power Policy

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad Presentation Director

ThinkPad UltraNav Utility

ThinkPad UltraNav Wizard

ThinkVantage Active Protection System

ThinkVantage Fingerprint Software

ThinkVantage Productivity Center

ThinkVantage Technologies Welcome Message

TIPCI

Total Commander (Remove or Repair)

TrackPoint Accessibility Features

TrueCrypt

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB952142)

Update for Office 2007 (KB932080)

Update for Office 2007 (KB934391)

Update for Office System 2007 Setup (KB929722)

Update for Outlook 2007 Junk Email Filter (KB2508979)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VCRedistSetup

Visual C++ 8.0 ATL (x86) WinSXS MSM

Visual C++ 8.0 CRT (x86) WinSXS MSM

VLC media player 1.1.8

VMware OVF Tool

VMware Server

Wallpapers

WebFldrs XP

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix - KB894476

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

XP Themes

.

==== Event Viewer Messages From Past Week ========

.

26.3.2011 г. 09:24:48, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KLIF

26.3.2011 г. 09:23:34, error: Service Control Manager [7023] - The Logical Disk Manager service terminated with the following error: The specified module could not be found.

26.3.2011 г. 09:23:34, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

26.3.2011 г. 09:23:19, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

26.3.2011 г. 09:21:19, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: The device has been removed.

26.3.2011 г. 09:16:11, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: Access is denied.

26.3.2011 г. 09:11:53, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: The device has been removed.

25.3.2011 г. 20:01:01, error: VolSnap [25] - The shadow copy of volume F: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future.

25.3.2011 г. 20:00:53, error: VolSnap [12] - The shadow copy of volume F: became low on diff area space before it was properly installed.

24.3.2011 г. 20:30:00, error: VolSnap [20] - The shadow copy of volume F: was aborted because of a failed free space computation.

24.3.2011 г. 20:01:13, error: VolSnap [20] - The shadow copy of volume F: was aborted because of a failed free space computation.

23.3.2011 г. 20:00:37, error: VolSnap [20] - The shadow copy of volume F: was aborted because of a failed free space computation.

22.3.2011 г. 20:00:30, error: VolSnap [20] - The shadow copy of volume F: was aborted because of a failed free space computation.

21.3.2011 г. 18:42:33, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: Access is denied.

21.3.2011 г. 18:40:49, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: The device has been removed.

21.3.2011 г. 07:17:22, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: The device has been removed.

21.3.2011 г. 07:17:18, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: Access is denied.

21.3.2011 г. 07:12:35, error: SCardSvr [610] - Smart Card Reader 'OMNIKEY CardMan 6121 0' rejected IOCTL GET_STATE: The device has been removed.

20.3.2011 г. 19:28:01, error: VolSnap [20] - The shadow copy of volume F: was aborted because of a failed free space computation.

19.3.2011 г. 20:00:48, error: VolSnap [20] - The shadow copy of volume F: was aborted because of a failed free space computation.

.

==== End Of File ===========================


Is this IP familiar to you: 10.55.0.36?

Download ComboFix from here or here and save it to your desktop.

  • Disable your antivirus and anti-spyware programs; this is usually done by right-clicking the program's icon in the system tray.

Note: If you cannot stop it, or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

  • Run Combo-Fix.com and follow the instructions.

Note: ComboFix will run without the Recovery Console installed.

  • As part of its operation, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended to have it installed before removing the malware. This will let you boot into a special recovery/repair mode, which will make it easier to solve a problem that could arise while removing the malware.

  • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You need to confirm that you agree in order to install the Microsoft Windows Recovery Console.

** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

[Posted image]

After the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

[Posted image]

Select Yes to continue scanning for malware.

When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this topic.

Note:

  • Please do not move the mouse while ComboFix is running. This can disrupt its operation.
  • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
  • ComboFix will disable the autorun function of ALL CD, floppy and USB devices to help remove the malware and protect you from future viruses/threats that infect via autorun. If this is a problem for you, please let me know.
  • ComboFix will disconnect your internet connection. The internet connection will be restored automatically before ComboFix finishes. In case of a problem, it will terminate the internet connection. To restore your internet connection, restart your computer.
  • If ComboFix runs into a problem, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this topic.

ComboFix can take up to 20-30 minutes to finish; please be patient.

Please do not attach the program's log file(s); copy and paste it/them into your next comment in this topic.


While the program was running, a blue screen appeared and the computer restarted; I think this happened somewhere after stage_20. And unfortunately there is no such file in c:\. P.S. Yes, the IP address is familiar to me; it is the proxy server at work.

Edited by capnemo


Hello again! :speak: Try running the ComboFix scan (following the instructions in post 4) in Safe Mode without disconnecting your internet access. My request is that, if a BSOD (blue screen) does come up, you try to write down the error and tell me what it is; I would be grateful. Regards! :)


ComboFix warns me that the NOD32 scanner is active (safe mode), and I cannot find a way to stop it.


Try this:

Double-click the NOD32 icon in the notification area in the lower right corner.

Select Disable real-time file system protection

It will ask you: "Are you sure you want to disable...protection?"

Click "Yes" to disable the antivirus protection


I have no icons in the tray, only the clock. And these are the processes according to Process Explorer


Yes, I understand. In that case, when it notifies you that the protection is enabled, confirm and continue! For now it is more likely that the problem is due to a conflict between your software and ComboFix! :rolleyes:


Here is the log; all stages completed normally. The log was made in safe mode, and the only thing I pressed was OK on the warning about entering safe mode.

ComboFix 11-03-25.04 - Romeo Ninov 03.2011 г. 17:22:02.5.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2046.1743 [GMT 1:00]

Running from: c:\documents and settings\Romeo Ninov\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\ntuser.pol

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_BLOCK_READER

-------\Service_block_reader

-------\Service_Ias

.

.

((((((((((((((((((((((((( Files Created from 2011-02-26 to 2011-03-26 )))))))))))))))))))))))))))))))

.

.

2011-03-26 08:24 . 2011-03-26 08:24 -------- d-----w- C:\Virtual Machines

2011-03-22 20:35 . 2011-03-22 20:35 -------- d-----w- c:\documents and settings\Romeo Ninov\Application Data\com.hyfn.taylorswift

2011-03-22 20:35 . 2011-03-22 20:35 -------- d-----w- c:\documents and settings\Romeo Ninov\.hAWabAzAr

2011-03-22 20:35 . 2011-03-22 20:35 -------- d-----w- c:\program files\Common Files\Adobe AIR

2011-03-22 19:44 . 2011-03-22 19:44 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-03-22 19:44 . 2011-03-22 19:44 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-03-22 19:44 . 2011-03-22 19:44 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-03-22 19:44 . 2011-03-22 19:44 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-03-22 19:44 . 2011-03-22 19:44 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-03-22 19:44 . 2011-03-22 19:44 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-03-22 19:44 . 2011-03-22 19:44 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-03-22 19:44 . 2011-03-22 19:44 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:53 . 2006-04-30 06:55 270848 ------w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2006-04-30 06:55 186880 ------w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2006-04-30 07:09 2067456 ------w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2006-04-30 07:09 677888 ------w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2006-04-30 06:56 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2006-04-30 06:55 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2006-04-30 06:55 1854976 ------w- c:\windows\system32\win32k.sys

2009-01-08 20:58 . 2009-01-08 20:58 774144 ------w- c:\program files\RngInterstitial.dll

2011-03-22 19:44 . 2011-03-22 19:44 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

.

[-] 2009-07-14 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-05-07 . 69564DE8D733BA39226A43FF11095B10 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\cache\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2011-02-08 12:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2011-02-08 12:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-10-22 421888]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-10-22 208896]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2010-04-22 128296]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

"TpShocks"="TpShocks.exe" [2009-07-08 337184]

"TP4EX"="tp4ex.exe" [2005-10-17 65536]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-09-01 165208]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-20 487424]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-09-01 124248]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-10 1326080]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-10 904840]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-10 136472]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]

"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Romeo Ninov\Start Menu\Programs\Startup\

CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2008-12-18 49152]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-2 50688]

HiPath SIcurity Card API.lnk - c:\program files\Siemens\Card API\bin\siecacst.exe [2007-10-25 69632]

MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-2-8 3600184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]

2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2009-05-21 13:54 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 14:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]

2007-09-25 08:10 2007088 ----a-w- c:\program files\FlashGet\flashget.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2008-09-23 12:17 21755688 ------r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Miranda IM\\miranda32.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe

"c:\\Program Files\\FlashGet\\FlashGet.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21551:TCP"= 21551:TCP:BitComet 21551 TCP

"21551:UDP"= 21551:UDP:BitComet 21551 UDP

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03.11.2007 г. 20:36 685816]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [29.6.2009 г. 12:51 20520]

R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [23.11.2008 г. 11:37 15784]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 г. 16:49 94360]

S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 г. 16:47 107256]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 г. 16:47 731840]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [28.1.2010 г. 11:24 45424]

S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [13.9.2008 г. 08:49 53248]

S2 smi2;smi2;c:\program files\SMI2\smi2.sys [14.7.2006 г. 23:55 3968]

S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13.3.2009 г. 12:47 12560]

S2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [28.1.2010 г. 11:24 62320]

S2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [20.10.2009 г. 13:51 1654884]

S3 cpuz130;cpuz130;\??\c:\docume~1\ROMEON~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ROMEON~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 cxbu0wdm;CardMan 6121;c:\windows\system32\drivers\cxbu0wdm.sys [28.2.2007 г. 05:38 91008]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]

S3 PCDSRVC{9503439C-19F1437D-06000000}_0;PCDSRVC{9503439C-19F1437D-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\PCDR5\pcdsrvc.pkms [19.2.2009 г. 22:50 20848]

S3 RETA5;RETA5 NDIS Protocol Driver;\??\c:\progra~1\EEYEDI~1\CASCAN~1\RETA5.SYS --> c:\progra~1\EEYEDI~1\CASCAN~1\RETA5.SYS [?]

S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [01.10.2006 г. 13:37 26624]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [19.11.2009 г. 20:23 109328]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06.5.2008 г. 15:06 11520]

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-26 c:\windows\Tasks\InfoNotary Smart Card Manager Updates.job

- c:\program files\InfoNotary\SCManager2\updater.exe [2010-11-12 15:58]

.

2010-03-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]

.

2011-03-26 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-09-15 23:04]

.

2011-01-04 c:\windows\Tasks\Update InfoNotary e-Doc Signer.job

- c:\program files\InfoNotary\INSigner\INSignerUpdater.exe [2010-07-26 12:24]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyServer = 10.55.0.36:8080

IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm

IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: e-fibank.bg

TCP: {08D4027E-BC55-411F-952C-4342C857AA0D} = 192.168.1.1

DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab

FF - ProfilePath - c:\documents and settings\Romeo Ninov\Application Data\Mozilla\Firefox\Profiles\c0o9tb00.default\

FF - prefs.js: network.proxy.ftp - tehif.eu

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher - tehif.eu

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - tehif.eu

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - tehif.eu

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - tehif.eu

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 0

.

.

------- File Associations -------

.

.txt=txt_auto_file

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

SafeBoot-mcmscsvc

SafeBoot-MCODS

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-PDVD8LanguageShortcut - c:\program files\CyberLink\PowerDVD8\Language\Language.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

MSConfigStartUp-RemoteControl8 - c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

MSConfigStartUp-UpdatePDRShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

MSConfigStartUp-UpdatePPShortCut - c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-26 17:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCDSRVC{9503439C-19F1437D-06000000}_0]

"ImagePath"="\??\c:\program files\pcdr5\pcdsrvc.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-39014616-1862209109-968308959-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1040)

c:\windows\system32\vrlogon.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

c:\program files\ThinkVantage Fingerprint Software\homepass.dll

c:\program files\ThinkVantage Fingerprint Software\bio.dll

c:\program files\ThinkVantage Fingerprint Software\qlbase.dll

c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

c:\program files\Lenovo\AwayTask\AwayNotify.dll

.

- - - - - - - > 'lsass.exe'(1108)

c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

.

- - - - - - - > 'explorer.exe'(1392)

c:\windows\system32\WININET.dll

c:\program files\MozyHome\mozyshell.dll

c:\program files\MozyHome\LIBEAY32.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2011-03-26 17:31:55 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-26 16:31

.

Pre-Run: 73 648 947 200 bytes free

Post-Run: 73 651 339 264 bytes free

.

- - End Of File - - 2C736C1D4557919212489D077A29B402


Are you noticing any problems on your system? :dancing18:


No, it even feels a bit snappier, but maybe that is subjective :P Thank you


Wonderful! :dancing18: Uninstall ComboFix like this:

1. Click Start ==> Run ==> enter the command Combofix /Uninstall ==> OK

[Posted image]

2. Download OTCleanIt, or from here, run it and click Clean up

After that, one control scan with MBAM:

* Download Malwarebytes' Anti-Malware Free from here

* Double-click mbam-setup.exe to install the program.

* Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.

* If updates are found, it will download and install them.

* Start the program and select "Perform Full Scan", then click Scan.

* The scan will take some time, so please be patient.

* When the scan finishes, click OK, then Show Results to see the result.

* Make sure all rows are checked, and click Remove Selected.

* When everything has been removed, a log will open in Notepad. Copy this log and post it in your next comment in this topic.

Note: If Malwarebytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.


I cleaned up with the first two tools. I have the free version of Malwarebytes' Anti-Malware installed (downloaded from the official site), and it is updated regularly. Do I need to uninstall it and install it again?


No, of course not...! There's no point...! :rolleyes:


Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6176

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

26.3.2011 г. 20:46:58

mbam-log-2011-03-26 (20-46-58).txt

Scan type: Full scan (C:\|F:\|)

Objects scanned: 283501

Time elapsed: 1 hour(s), 5 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Well, I think that's everything..! I don't see any active infections ....! I wish you a pleasant evening..! :)


Thank you for the help, and a pleasant evening to you too :ph34r: